From: Miaoqian Lin <[email protected]>

commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.

Add the missing platform_device_put() before return from
dwc3_qcom_acpi_register_core in the error handling case.

Signed-off-by: Miaoqian Lin <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
CVE: CVE-2023-22995
Fixes: 2bc02355f8ba ("usb: dwc3: qcom: Add support for booting with ACPI")
Signed-off-by: Zheng Yejian <[email protected]>
---
drivers/usb/dwc3/dwc3-qcom.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/dwc3/dwc3-qcom.c b/drivers/usb/dwc3/dwc3-qcom.c
index 28bc7480acf3..dfd7873f645b 100644
--- a/drivers/usb/dwc3/dwc3-qcom.c
+++ b/drivers/usb/dwc3/dwc3-qcom.c
@@ -617,8 +617,10 @@ static int dwc3_qcom_acpi_register_core(struct platform_device *pdev)
qcom->dwc3->dev.coherent_dma_mask = dev->coherent_dma_mask;
child_res = kcalloc(2, sizeof(*child_res), GFP_KERNEL);
- if (!child_res)
+ if (!child_res) {
+ platform_device_put(qcom->dwc3);
return -ENOMEM;
+ }
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
if (!res) {
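Review bot: the new `if (!child_res)` branch open-codes its own `platform_device_put(qcom->dwc3);` and `return -ENOMEM;`, while the `out:` label of the same function gains the identical put in the next hunk, so the cleanup now lives in two places. Setting `ret = -ENOMEM;` and using `goto out;` would keep a single error exit; the `kfree(child_res)` at that label is harmless here because kfree(NULL) is a no-op. The `if (!res)` branch that follows is cut off by the hunk context, so it is worth confirming that it reaches `out:` rather than returning directly.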
@@ -656,9 +658,13 @@ static int dwc3_qcom_acpi_register_core(struct platform_device *pdev)
if (ret) {
dev_err(&pdev->dev, "failed to add device\n");
device_remove_software_node(&qcom->dwc3->dev);
+ goto out;
}
+ kfree(child_res);
+ return 0;
out:
+ platform_device_put(qcom->dwc3);
kfree(child_res);
return ret;
}
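Review bot: after this split, `out:` is an error-only label, yet nothing in the code or the changelog says so, and the success path just above it now carries a second `kfree(child_res);` followed by `return 0;`. Any error branch added later that returns directly instead of jumping to `out:` will leak the reference again, so a short comment at the label, or a more specific label name, would make the contract visible. The commit message should also name the paths that previously returned without the put, since "the error handling case" does not distinguish the `kcalloc()` failure in the first hunk from the "failed to add device" branch here.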
--
2.25.1
On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
> From: Miaoqian Lin <[email protected]>
>
> commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
>
> Add the missing platform_device_put() before return from
> dwc3_qcom_acpi_register_core in the error handling case.
>
> Signed-off-by: Miaoqian Lin <[email protected]>
> Link: https://lore.kernel.org/r/[email protected]
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> CVE: CVE-2023-22995
That is a bogus CVE, please go revoke it.
thanks,
greg k-h
On 2023/3/3 23:49, Greg KH wrote:
> On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
>> From: Miaoqian Lin <[email protected]>
>>
>> commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
>>
>> Add the missing platform_device_put() before return from
>> dwc3_qcom_acpi_register_core in the error handling case.
>>
>> Signed-off-by: Miaoqian Lin <[email protected]>
>> Link: https://lore.kernel.org/r/[email protected]
>> Signed-off-by: Greg Kroah-Hartman <[email protected]>
>> CVE: CVE-2023-22995
>
> That is a bogus CVE, please go revoke it.
Agree. I see this CVE and its fixes information from NVD,
so try to backport this patch to fix it:
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-22995
Then should I just remove the "CVE: " field and send a v2 patch?
Or you mean "revoke" the CVE from NVD? I actually don't know how
to do that :(
>
> thanks,
>
> greg k-h
On Mon, Mar 06, 2023 at 09:26:31AM +0800, Zheng Yejian wrote:
> On 2023/3/3 23:49, Greg KH wrote:
> > On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
> > > From: Miaoqian Lin <[email protected]>
> > >
> > > commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
> > >
> > > Add the missing platform_device_put() before return from
> > > dwc3_qcom_acpi_register_core in the error handling case.
> > >
> > > Signed-off-by: Miaoqian Lin <[email protected]>
> > > Link: https://lore.kernel.org/r/[email protected]
> > > Signed-off-by: Greg Kroah-Hartman <[email protected]>
> > > CVE: CVE-2023-22995
> >
> > That is a bogus CVE, please go revoke it.
>
> Agree. I see this CVE and its fixes information from NVD,
> so try to backport this patch to fix it:
> Link: https://nvd.nist.gov/vuln/detail/CVE-2023-22995
Again, this is not a valid bug, the "problem" described can not ever be
hit in a real system from what I can tell.
> Then should I just remove the "CVE: " field and send a v2 patch?
> Or you mean "revoke" the CVE from NVD? I actually don't know how
> to do that :(
If you care about CVEs being "real", yes, please get it revoked from the
NVD. There is no need to backport it either from what I can determine.
thanks,
greg k-h
On 2023/3/6 13:49, Greg KH wrote:
> On Mon, Mar 06, 2023 at 09:26:31AM +0800, Zheng Yejian wrote:
>> On 2023/3/3 23:49, Greg KH wrote:
>>> On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
>>>> From: Miaoqian Lin <[email protected]>
>>>>
>>>> commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
>>>>
>>>> Add the missing platform_device_put() before return from
>>>> dwc3_qcom_acpi_register_core in the error handling case.
>>>>
>>>> Signed-off-by: Miaoqian Lin <[email protected]>
>>>> Link: https://lore.kernel.org/r/[email protected]
>>>> Signed-off-by: Greg Kroah-Hartman <[email protected]>
>>>> CVE: CVE-2023-22995
>>>
>>> That is a bogus CVE, please go revoke it.
>>
>> Agree. I see this CVE and its fixes information from NVD,
>> so try to backport this patch to fix it:
>> Link: https://nvd.nist.gov/vuln/detail/CVE-2023-22995
>
> Again, this is not a valid bug, the "problem" described can not ever be
> hit in a real system from what I can tell.
Agreed!
>
>> Then should I just remove the "CVE: " field and send a v2 patch?
>> Or you mean "revoke" the CVE from NVD? I actually don't know how
>> to do that :(
>
> If you care about CVEs being "real", yes, please get it revoked from the
> NVD. There is no need to backport it either from what I can determine.
>
Thanks for your patience :)
--
Zheng Yejian
> thanks,
>
> greg k-h